---
# Tasks to set up haproxy

- name: install needed packages
  package: name={{ item }} state=present
  with_items:
  - haproxy
  tags:
  - packages
  - haproxy

- name: install haproxy/cfg
  template: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: haproxy.cfg, dest: /etc/haproxy/haproxy.cfg }
  notify:
  - restart haproxy
  tags:
  - haproxy

- name: install limits.conf and 503.http
  copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: limits.conf, dest: /etc/security/limits.conf }
  - { file: 503.http, dest: /etc/haproxy/503.http }
  tags:
  - haproxy

- name: install pem cert
  copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode=0600
  with_items:
  - { file: "ipa.{{env}}.pem", dest: /etc/haproxy/ipa.pem }
  - { file: "os-master.{{env}}.pem", dest: /etc/haproxy/os-master.pem }
  tags:
  - haproxy

- name: Install libsemanage-python so we can manage selinux with python...
  package: name=libsemanage-python state=present
  tags:
  - haproxy
  - selinux

- name: Turn on certain selinux booleans so haproxy can bind to ports
  seboolean: name={{ item }} state=true persistent=true
  with_items:
  - haproxy_connect_any
  tags:
  - haproxy
  - selinux

# These following four tasks are used for copying over our custom selinux
# module.
- name: ensure a directory exists for our custom selinux module
  file: dest=/usr/share/haproxy state=directory
  tags:
  - haproxy
  - selinux

- name: copy over our general haproxy selinux module
  copy: src=selinux/fi-haproxy.pp dest=/usr/share/haproxy/fi-haproxy.pp
  register: fi_haproxy_module
  tags:
  - haproxy
  - selinux

- name: check to see if its even installed yet
  shell: semodule -l | grep fi-haproxy | wc -l
  register: fi_haproxy_grep
  check_mode: no
  changed_when: "'0' in fi_haproxy_grep.stdout"
  tags:
  - haproxy
  - selinux

- name: install our general haproxy selinux module
  command: semodule -i /usr/share/haproxy/fi-haproxy.pp
  when: fi_haproxy_module is changed or fi_haproxy_grep is changed
  tags:
  - haproxy
  - selinux


- name: check haproxy cfg to make sure it is valid
  command: haproxy -c -f /etc/haproxy/haproxy.cfg
  check_mode: no
  register: haproxyconfigcheck
  changed_when: haproxyconfigcheck.rc != 0
  tags:
  - haproxy

- name: Make sure haproxy is awake and reporting for duty
  service: name=haproxy state=started enabled=yes
  tags:
  - haproxy

